skip to main content


Title: Toward live inter-domain network services on the ExoGENI testbed
A key dimension of reproducibility in testbeds is stable performance that scales in regular and predictable ways in accordance with declarative specifications for virtual resources. We contend that reproducibility is crucial for elastic performance control in live experiments, in which testbed tenants (slices) provide services for real user traffic that varies over time. This paper gives an overview of ExoPlex, a framework for deploying network service providers (NSPs) as a basis for live inter-domain networking experiments on the ExoGENI testbed. As a motivating example, we show how to use ExoPlex to implement a virtual software-defined exchange (vSDX) as a tenant NSP. The vSDX implements security-managed interconnection of customer IP networks that peer with it via direct L2 links stitched dynamically into its slice. An elastic controller outside of the vSDX slice provisions network links and computing capacity for a scalable monitoring fabric within the tenant vSDX slice. The vSDX checks compliance of traffic flows with customer-specified interconnection policies, and blocks traffic from senders that trigger configured rules for intrusion detection in Bro security monitors. We present initial results showing the effect of resource provisioning on Bro performance within the vSDX.  more » « less
Award ID(s):
1642140
NSF-PAR ID:
10080596
Author(s) / Creator(s):
; ; ; ; ; ; ; ;
Date Published:
Journal Name:
IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
Page Range / eLocation ID:
772 to 777
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The transformation of innovative research ideas to production systems is highly dependent on the capability of performing realistic and reproducible network experiments. In this work, we present a network testbed consisting of container-based network emulation and physical devices to advocate high fidelity and reproducible networking experiments. The testbed integrates network emulators (Mininet), a distributed control environment (ONOS), and physical switches (Pica8). The testbed (1) offers functional fidelity through unmodified code execution in emulated networks, (2) supports large-scale network experiments using lightweight OS-level virtualization techniques and capable of running across distributed physical machines, (3) provides the topology flexibility, and (4) enhances the repeatability and reproducibility of network experiments. We validate the testbed fidelity through extensive experiments under different network conditions (e.g., varying topology and traffic pattern). We also use the testbed to reproduce key results from published network experiments, such as Hedera, a scalable and adaptive network traffic flow scheduling system. 
    more » « less
  2. null (Ed.)
    Network traffic modeling plays an important role in the generation of realistic network traffic in test environments. Especially in cases where researchers carry out experiments with real production-like traffic, as seen in specific home, enterprise, campus, LAN, or WAN networks. We present our ongoing work on a new framework that enables the methodical creation of application-agnostic traffic models from given network traces of a known network topology. The framework then uses these models to generate realistic traffic on a given network topology. We share a preliminary evaluation of the framework based on repeatable experiments where we model a typical web application traffic and then regenerate the traffic based on the model in a test network on our VTS (Virtual Topology Services) testbed. 
    more » « less
  3. As 5G networks are gradually rolled out worldwide, it is important to ensure that their network infrastructures are resilient against malicious attacks. This work presents VET5G, a new virtual end-to-end testbed for 5G network security research experiments or training activities such as Capture-The-Flag competitions. The distinguishing features of VET5G include a home-grown 5G core network emulator written in Rust to ensure memory and thread safety, integration of OpenAirInterface’s Radio Access Network emulator and the official Android emulator to achieve full end-to-end 5G network emulation, inclusion of a reference P4 software switch to assist with prototyping of defense mechanisms for 5G data planes, implementation of Python APIs for easy 5G network experimentation, and adoption of JupyterHub to support multi-user experimentation. In our experiments we demonstrate how to use VET5G for two attack scenarios in 5G networks as well as its performance when it is used in a 5G hacking project for a Mobile Systems Security course. 
    more » « less
  4. null (Ed.)
    Virtual Network Functions (VNFs) are software implementation of middleboxes (MBs) (e.g., firewalls) that provide performance and security guarantees for virtual machine (VM) cloud applications. In this paper we study a new flow migration problem in VNF-enabled cloud data centers where the traffic rates of VM flows are constantly changing. Our goal is to minimize the total network traffic (therefore optimizing the network resources such as bandwidth and energy) while considering that VNFs have limited processing capability. We formulate the flow migration problem and design two efficient benefit-based greedy algorithms. The simulations show that our algorithms are effective in reducing the network traffic as well as in achieving load balance among VNFs. In particular, our flow migration algorithms can reduce upto 15% network traffic compared to the case without flow migration. 
    more » « less
  5. P4’s data-plane programmability allows for highly customizable and programmable packet processing, enabling rapid innovation in network applications, such as virtualization, security, load balancing, and traffic engineering. Researchers extensively use Mininet, a popular network emulator, integrated with BMv2, for fast and flexible prototyping of these P4-based applications, but due to its lower performance in terms of throughput and latency compared to a production-grade software switch like Open vSwitch, it is crucial to have an accurate and scalable emulation testbed. In this paper, we develop a lightweight virtual time system and integrate it into Mininet with BMv2 to enhance fidelity and scalability. By scaling the time of interactions between containers and the underlying physical machine by a time dilation factor (TDF), we can trade time with system resources, making the emulated P4 network appear to be faster from the viewpoint of the switch/host processes in the container. Our experimental results show that the testbed can accurately emulate much larger networks with high loads, scaled by a factor of TDF with extremely low system overhead. 
    more » « less